Hello all,
I have set a few of my Suricata rules to drop, but how can I set it so they do not hit my alerts any longer? Is there a way to do this? It would be helpful for the Alerts section to contain only those that I need to review and take action on.
Thanks,
Steve
Let's take this a step further. Here is a snippet from my Suricata alerts:
2021-08-10T10:20:59.484556-0400 2402000 allowed FIOS 89.248.168.157 60490 173.54.120.251 40000 ET DROP Dshield Block Listed Sourc
I would read this as meaning it was allowed through my firewall, but the attached shows that this entry was actually configured to drop. So I guess my question is: what does Allowed mean above?
Thanks,
Steve
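The word "allowed" in the quoted alert line is assumed here to be the same value Suricata writes to its EVE JSON output (eve.json) in the alert.action field, which is either "allowed" or "blocked". The following is an added example, not code from the original posts or from the Suricata project: it reads eve.json lines, skips non-alert and truncated records, and separates the alerts Suricata actually dropped from the ones it only logged, so the "allowed" ones can be pulled out as the review queue. The sample records are constructed for this illustration (RFC 5737 documentation addresses; every SID except 2402000 is made up).

```python
"""
Sort Suricata EVE JSON alerts by the action Suricata took on the packet.

Added example for the thread above; not code from the original posts or from
the Suricata project. Assumes Suricata's EVE JSON output (eve.json), where
each event_type == "alert" record carries alert.action = "allowed" | "blocked".
"""
import json
from collections import Counter
from typing import Dict, Iterable, List


def _rec(ts, action, sid, sig, src, sport, dst, dport):
    """Build one constructed EVE alert record (helper for the sample data only)."""
    return json.dumps({
        "timestamp": ts, "event_type": "alert", "proto": "TCP",
        "src_ip": src, "src_port": sport, "dest_ip": dst, "dest_port": dport,
        "alert": {"action": action, "gid": 1, "signature_id": sid, "rev": 1,
                  "signature": sig, "category": "Misc Attack", "severity": 2},
    })


# Constructed sample eve.json lines for this example. Addresses are RFC 5737
# documentation ranges; SID 9000001 and its name are invented (local range).
SAMPLE_EVE_LINES = [
    _rec("2021-08-10T10:20:59.484556-0400", "allowed", 2402000,
         "ET DROP Dshield Block Listed Source", "198.51.100.23", 60490,
         "203.0.113.9", 40000),
    _rec("2021-08-10T10:21:03.112000-0400", "blocked", 2402000,
         "ET DROP Dshield Block Listed Source", "198.51.100.23", 60491,
         "203.0.113.9", 40000),
    _rec("2021-08-10T10:22:14.500000-0400", "allowed", 9000001,
         "LOCAL Example Port Sweep", "203.0.113.9", 8080,
         "192.0.2.44", 51234),
    # A non-alert record (flow) that the filter must ignore.
    json.dumps({"timestamp": "2021-08-10T10:22:15.000000-0400",
                "event_type": "flow", "src_ip": "192.0.2.44",
                "dest_ip": "203.0.113.9"}),
    # A truncated line, as left behind by a log rotation mid-write.
    '{"timestamp": "2021-08-10T10:22:16.0',
]


def parse_alerts(lines: Iterable[str]) -> List[dict]:
    """Return only well-formed event_type == 'alert' records; skip the rest."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # corrupt/truncated line: do not abort the whole pass
        if rec.get("event_type") == "alert" and isinstance(rec.get("alert"), dict):
            alerts.append(rec)
    return alerts


def split_by_action(alerts: Iterable[dict]) -> Dict[str, List[dict]]:
    """Bucket alerts into 'blocked' (packet dropped), 'allowed' (packet passed)
    and 'other' (anything unexpected, kept rather than silently lost)."""
    buckets: Dict[str, List[dict]] = {"allowed": [], "blocked": [], "other": []}
    for rec in alerts:
        action = rec["alert"].get("action")
        key = action if action in ("allowed", "blocked") else "other"
        buckets[key].append(rec)
    return buckets


def review_queue(alerts: Iterable[dict]) -> List[dict]:
    """Alerts whose packet was not dropped, i.e. the ones still needing a look."""
    return [rec for rec in alerts if rec["alert"].get("action") == "allowed"]


def count_by_sid(alerts: Iterable[dict]) -> Counter:
    """Count (signature_id, action) pairs: shows which drop rules still fire as allowed."""
    return Counter((rec["alert"]["signature_id"], rec["alert"]["action"])
                   for rec in alerts)


def format_alert(rec: dict) -> str:
    """One-line summary in the same column order as the alert line quoted above."""
    a = rec["alert"]
    return (f"{rec['timestamp']} {a['signature_id']} {a['action']} "
            f"{rec['src_ip']} {rec['src_port']} {rec['dest_ip']} {rec['dest_port']} "
            f"{a['signature']}")


if __name__ == "__main__":
    parsed = parse_alerts(SAMPLE_EVE_LINES)
    for item in review_queue(parsed):
        print(format_alert(item))
    print(count_by_sid(parsed))
```

Run against a real sensor by replacing SAMPLE_EVE_LINES with the lines of eve.json (for example `open("/var/log/suricata/eve.json")`); the (signature_id, action) counts make it easy to spot a SID that is set to drop yet still shows up as "allowed".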